For Cauldron, I asked for a freeze move.

Whiteboard: MGA9TOO => (none)
Flags: affects_mga9+ => (none)
CVE: CVE-2026-8090, CVE-2026-8092, CVE-2026-8094 => CVE-2025-62813, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8090, CVE-2026-8092, CVE-2026-8094
Version: Cauldron => 9

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

LZ4 compression library issue. (CVE-2025-62813)

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777)

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. (CVE-2026-32778)

Use-after-free in the DOM: Networking component. (CVE-2026-8090)

Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2, Firefox 150.0.2, Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. (CVE-2026-8092)

Other issue in the WebRTC component. (CVE-2026-8094)

References:
https://www.firefox.com/en-US/firefox/140.10.2/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/140.10.2esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/
========================

Updated packages in core/updates_testing:
========================
firefox-140.10.2-1.mga9
firefox-af-140.10.2-1.mga9
firefox-an-140.10.2-1.mga9
firefox-ar-140.10.2-1.mga9
firefox-ast-140.10.2-1.mga9
firefox-az-140.10.2-1.mga9
firefox-be-140.10.2-1.mga9
firefox-bg-140.10.2-1.mga9
firefox-bn-140.10.2-1.mga9
firefox-br-140.10.2-1.mga9
firefox-bs-140.10.2-1.mga9
firefox-ca-140.10.2-1.mga9
firefox-cs-140.10.2-1.mga9
firefox-cy-140.10.2-1.mga9
firefox-da-140.10.2-1.mga9
firefox-de-140.10.2-1.mga9
firefox-el-140.10.2-1.mga9
firefox-en_CA-140.10.2-1.mga9
firefox-en_GB-140.10.2-1.mga9
firefox-en_US-140.10.2-1.mga9
firefox-eo-140.10.2-1.mga9
firefox-es_AR-140.10.2-1.mga9
firefox-es_CL-140.10.2-1.mga9
firefox-es_ES-140.10.2-1.mga9
firefox-es_MX-140.10.2-1.mga9
firefox-et-140.10.2-1.mga9
firefox-eu-140.10.2-1.mga9
firefox-fa-140.10.2-1.mga9
firefox-ff-140.10.2-1.mga9
firefox-fi-140.10.2-1.mga9
firefox-fr-140.10.2-1.mga9
firefox-fur-140.10.2-1.mga9
firefox-fy_NL-140.10.2-1.mga9
firefox-ga_IE-140.10.2-1.mga9
firefox-gd-140.10.2-1.mga9
firefox-gl-140.10.2-1.mga9
firefox-gu_IN-140.10.2-1.mga9
firefox-he-140.10.2-1.mga9
firefox-hi_IN-140.10.2-1.mga9
firefox-hr-140.10.2-1.mga9
firefox-hsb-140.10.2-1.mga9
firefox-hu-140.10.2-1.mga9
firefox-hy_AM-140.10.2-1.mga9
firefox-ia-140.10.2-1.mga9
firefox-id-140.10.2-1.mga9
firefox-is-140.10.2-1.mga9
firefox-it-140.10.2-1.mga9
firefox-ja-140.10.2-1.mga9
firefox-ka-140.10.2-1.mga9
firefox-kab-140.10.2-1.mga9
firefox-kk-140.10.2-1.mga9
firefox-km-140.10.2-1.mga9
firefox-kn-140.10.2-1.mga9
firefox-ko-140.10.2-1.mga9
firefox-lij-140.10.2-1.mga9
firefox-lt-140.10.2-1.mga9
firefox-lv-140.10.2-1.mga9
firefox-mk-140.10.2-1.mga9
firefox-mr-140.10.2-1.mga9
firefox-ms-140.10.2-1.mga9
firefox-my-140.10.2-1.mga9
firefox-nb_NO-140.10.2-1.mga9
firefox-nl-140.10.2-1.mga9
firefox-nn_NO-140.10.2-1.mga9
firefox-oc-140.10.2-1.mga9
firefox-pa_IN-140.10.2-1.mga9
firefox-pl-140.10.2-1.mga9
firefox-pt_BR-140.10.2-1.mga9
firefox-pt_PT-140.10.2-1.mga9
firefox-ro-140.10.2-1.mga9
firefox-ru-140.10.2-1.mga9
firefox-sat-140.10.2-1.mga9
firefox-sc-140.10.2-1.mga9
firefox-si-140.10.2-1.mga9
firefox-sk-140.10.2-1.mga9
firefox-sl-140.10.2-1.mga9
firefox-sq-140.10.2-1.mga9
firefox-sr-140.10.2-1.mga9
firefox-sv_SE-140.10.2-1.mga9
firefox-szl-140.10.2-1.mga9
firefox-ta-140.10.2-1.mga9
firefox-te-140.10.2-1.mga9
firefox-tg-140.10.2-1.mga9
firefox-th-140.10.2-1.mga9
firefox-tl-140.10.2-1.mga9
firefox-tr-140.10.2-1.mga9
firefox-uk-140.10.2-1.mga9
firefox-ur-140.10.2-1.mga9
firefox-uz-140.10.2-1.mga9
firefox-vi-140.10.2-1.mga9
firefox-xh-140.10.2-1.mga9
firefox-zh_CN-140.10.2-1.mga9
firefox-zh_TW-140.10.2-1.mga9

thunderbird-140.10.2-1.mga9
thunderbird-af-140.10.2-1.mga9
thunderbird-ar-140.10.2-1.mga9
thunderbird-ast-140.10.2-1.mga9
thunderbird-be-140.10.2-1.mga9
thunderbird-bg-140.10.2-1.mga9
thunderbird-br-140.10.2-1.mga9
thunderbird-ca-140.10.2-1.mga9
thunderbird-cs-140.10.2-1.mga9
thunderbird-cy-140.10.2-1.mga9
thunderbird-da-140.10.2-1.mga9
thunderbird-de-140.10.2-1.mga9
thunderbird-dsb-140.10.2-1.mga9
thunderbird-el-140.10.2-1.mga9
thunderbird-en_CA-140.10.2-1.mga9
thunderbird-en_GB-140.10.2-1.mga9
thunderbird-en_US-140.10.2-1.mga9
thunderbird-es_AR-140.10.2-1.mga9
thunderbird-es_ES-140.10.2-1.mga9
thunderbird-es_MX-140.10.2-1.mga9
thunderbird-et-140.10.2-1.mga9
thunderbird-eu-140.10.2-1.mga9
thunderbird-fi-140.10.2-1.mga9
thunderbird-fr-140.10.2-1.mga9
thunderbird-fy_NL-140.10.2-1.mga9
thunderbird-ga_IE-140.10.2-1.mga9
thunderbird-gd-140.10.2-1.mga9
thunderbird-gl-140.10.2-1.mga9
thunderbird-he-140.10.2-1.mga9
thunderbird-hr-140.10.2-1.mga9
thunderbird-hsb-140.10.2-1.mga9
thunderbird-hu-140.10.2-1.mga9
thunderbird-hy_AM-140.10.2-1.mga9
thunderbird-id-140.10.2-1.mga9
thunderbird-is-140.10.2-1.mga9
thunderbird-it-140.10.2-1.mga9
thunderbird-ja-140.10.2-1.mga9
thunderbird-ka-140.10.2-1.mga9
thunderbird-kab-140.10.2-1.mga9
thunderbird-kk-140.10.2-1.mga9
thunderbird-ko-140.10.2-1.mga9
thunderbird-lt-140.10.2-1.mga9
thunderbird-lv-140.10.2-1.mga9
thunderbird-ms-140.10.2-1.mga9
thunderbird-nb_NO-140.10.2-1.mga9
thunderbird-nl-140.10.2-1.mga9
thunderbird-nn_NO-140.10.2-1.mga9
thunderbird-pa_IN-140.10.2-1.mga9
thunderbird-pl-140.10.2-1.mga9
thunderbird-pt_BR-140.10.2-1.mga9
thunderbird-pt_PT-140.10.2-1.mga9
thunderbird-ro-140.10.2-1.mga9
thunderbird-ru-140.10.2-1.mga9
thunderbird-sk-140.10.2-1.mga9
thunderbird-sl-140.10.2-1.mga9
thunderbird-sq-140.10.2-1.mga9
thunderbird-sr-140.10.2-1.mga9
thunderbird-sv_SE-140.10.2-1.mga9
thunderbird-th-140.10.2-1.mga9
thunderbird-tr-140.10.2-1.mga9
thunderbird-uk-140.10.2-1.mga9
thunderbird-uz-140.10.2-1.mga9
thunderbird-vi-140.10.2-1.mga9
thunderbird-zh_CN-140.10.2-1.mga9
thunderbird-zh_TW-140.10.2-1.mga9

from SRPMS:
firefox-140.10.2-1.mga9.src.rpm
firefox-l10n-140.10.2-1.mga9.src.rpm
thunderbird-140.10.2-1.mga9.src.rpm
thunderbird-l10n-140.10.2-1.mga9.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

MGA9-64, Plasma

$ firefox -version
Mozilla Firefox 140.10.2esr




used for over my usual websites 

Working as expected.

CC: (none) => brtians1

MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Thunderbird: sending and receiving emails without and with attachments work all OK. Google calendar displays OK.
Firefox: Google news displays OK; sound good. Youtube OK for Bach's Johannes Passion.

CC: (none) => herman.viaene

MGA9-64 server kernel in X11 Plasma, i5-7500, nvidia Quadro K620 graphics running nvidia-current.  No installation issues with the US English versions of both apps.

Visited some sites with Firefox, played a couple of Youtube videos, no issues to report. 

Sent and received mail with Thunderbird, checked newsgroups, clicked on an embedded link to bring up Firefox.

Looks good here.

CC: (none) => andrewsfarm

These look OK. Validating.

Whiteboard: (none) => MGA9-64-OK
Flags: (none) => test_passed_mga9_64+
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Both passed my usual tests.
On x86_64, Plasma, nouveau and intel.

CC: (none) => fri

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0145.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED